Who paid the cost of giving the National Security Agency direct access to the systems of nine technology companies, including Facebook, Google, Microsoft and Yahoo?

The answer arrived Friday: U.S. taxpayers.

Furthermore, the bill wasn't cheap. The U.S. Foreign Intelligence Surveillance Act (FISA) Court, which is charged with monitoring the NSA's surveillance programs, ruled in 2011 that the agency violated section 702 of FISA as well as the Fourth Amendment. Accordingly, the court ordered the programs to cease within 30 days unless specific "upstream collection" practice problems were fixed.

"Upstream collection is when the NSA gets a copy of Internet traffic as it flows through major telecommunications hubs and searches through for 'selectors,' like an email address or a keyword," Parker Higgins, an activist at Electronic Frontier Foundation, said in a blog post.

That FISA Court ruling triggered a period of successive 30-day extensions, each of which required corresponding changes from the technology companies that were legally compelled to give the NSA access to their systems. Those extensions and the surveillance program certifications they included came at quite a cost, according to a December 2012 NSA newsletter marked "top secret," which was published Friday by the Guardian and presumably provided by former NSA employee-turned-whistleblower Edward Snowden.

"Last year's problems resulted in multiple extensions to the certifications' expiration dates which cost millions of dollars for Prism providers to implement each successive extension -- costs covered by Special Source Operations," read the NSA newsletter.

Yahoo confirmed to the Guardian that it had been reimbursed for costs related to responding to data requests from the U.S. government. "Federal law requires the U.S. government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government," said a Yahoo official. "We have requested reimbursement consistent with this law."

Special Source Operations -- described by Snowden as the NSA's "crown jewel" -- administers the agency's surveillance programs that involve service providers, telecommunications companies and corporate partnership arrangements with technology firms that give the agency direct access to the data they handle.

But according to three rulings declassified this week by director of National Intelligence James Clapper -- as ordered by President Obama -- the FISA Court in 2011 ruled that the agency had broken the FISA law and violated the Fourth Amendment thousands of times due to its data interception practices. That document disclosure was made in response to a Freedom of Information Act request from EFF.

In one of those declassified documents, FISA Court judge John Bates wrote in an 86-page opinion that the "volume and nature of the information [NSA] has been collecting is fundamentally different from what the court had been led to believe." Furthermore, he said that the NSA's so-called minimization procedures for intercepting multi-communication transaction (MCT) data "tend to maximize, rather than minimize, the retention of non-target information, including information of or concerning United States persons," thus violating the Fourth Amendment.

Accordingly, rather than renewing the requested annual legal certifications the agency is required to obtain from the FISA Court for its FISA surveillance programs, he instructed the NSA to fix specific problems or cease its related surveillance efforts.

In a cover letter published with the declassified court rulings, Clapper characterized those problems as involving "highly technical reasons concerning the matter in which the collection occurred," rather than involving questions of civil liberties. In particular, the problem appeared to center on the capture of MCT data, which might bundle multiple messages in a single communication.

"In large-scale enterprises as technologically sophisticated and operationally complex as the 702 program, mistakes and errors can and will happen," said Clapper. He said that after the court ruling, the agency proactively deleted all upstream communications it had intercepted in violation of FISA.

Clapper emphasized, however, that the agency reports all such errors both to the FISA Court and Congress. That included reporting earlier "unintended misrepresentations in the way the collections were described to the FISA Court" that resulted in part from "gaps in technical understanding" between different groups at NSA. In the wake of those discoveries and reporting the problems to the FISA Court and Congress, Clapper said that part of the solution entailed making not just technical changes, but also related structural, managerial and training changes at NSA.

Welcome to
TechWeb, the IT professional's online resource for news coverage of the
information technology industry. We know technology news. Our mobile
and wireless news coverage moves as fast as wireless technology itself.
We follow all the devices you depend on to stay connected. Our software
coverage follows the multi-faceted software industry from every angle.
We've got a lock on network security and computer security issues.
We're all over the business of the Web--the Internet business--and the
engines that run it. We have our eyes and ears tuned to the players who
make and run the tools that tie us all together--Google, Microsoft,
eBay, Cisco, Yahoo, Oracle, Apple, Sony--and scores of others. And we
keep close tabs on the backbone of information technology, PC hardware.
We know PCs and Apple computers inside and out. We cover computer
technology, computer news, software news, search engine news, business
software, operating systems, and software development. Our coverage of
tech news includes a strong focus on the security business, its
attendant spyware and viruses, how security relates to wireless
technology and business networking and the security issues surrounding
RFID technology. We closely follow developments in Internet news and
Internet technology, including the spread of broadband and its effect
on Web browsers and the Web business. We watch the VoIP business, and
how VoIP technology is affecting the state of telephony in the
enterprise. And if all that isn't enough, we also track developments in
the IT industry that affect IT jobs, IT careers, and outsourcing.